ok i have now changed the sambaSID on the user nobody to be <gloabl- sam-sid>-501
it now finds the user nobody but still says it can't find the primary group: for the user nobody, here are my ldap entries: # nobody, People, Staff, Itacs, sunderland.ac.uk dn: uid=nobody,ou=People,ou=Staff,ou=Itacs,dc=sunderland,dc=ac,dc=uk sambaSID: S-1-5-21-82148923-2461359520-1342846908-501 cn: nobody uid: nobody gidNumber: 65533 sambaPrimaryGroupSID: S-1-0-0 (which i understand is nobody on windows) description: UNI-STAFF samba guest domain account gecos: UNI-STAFF samba guest domain account loginShell: /bin/false sambaAcctFlags: [NU ] sambaPwdMustChange: 2147483647 sambaPwdCanChange: 0 sambaKickoffTime: 2147483647 sambaLogoffTime: 2147483647 sambaLogonTime: 0 sambaPwdLastSet: 0 homeDirectory: /dev/null uidNumber: 999 objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount objectClass: shadowAccount objectClass: organizationalPerson objectClass: top objectClass: person sn: nobody no my nobody group is: # nobody, groups, Filestore, sunderland.ac.uk dn: cn=nobody,ou=groups,ou=Filestore,dc=sunderland,dc=ac,dc=uk sambaGroupType: 2 description: Domain Unix group displayName: nobody sambaSID: S-1-0-0 cn: nobody gidNumber: 65533 memberUid: nobody objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping here is the output: Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init smbldap_search: base => [dc=sunderland,dc=ac,dc=uk], filter => [(& (sambaSID=S-1-5-21-82148923-2461359520-1342846908-501) (objectclass=sambaSamAccount))], scope => [2] init_sam_from_ldap: Entry found for user: nobody pdb_set_username: setting username nobody, was pdb_set_domain: setting domain UNI-STAFF, was pdb_set_nt_username: setting nt username nobody, was pdb_set_user_sid_from_string: setting user sid S-1-5-21-82148923- 2461359520-1342846908-501 pdb_set_user_sid: setting user sid S-1-5-21-82148923-2461359520- 1342846908-501 pdb_set_group_sid_from_string: setting group sid S-1-0-0 pdb_set_group_sid: setting group sid S-1-0-0 smbldap_get_single_attribute: [displayName] = [<does not exist>] pdb_set_full_name: setting full name nobody, was smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] pdb_set_dir_drive: setting dir drive , was NULL smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] pdb_set_homedir: setting home dir , was smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] pdb_set_logon_script: setting logon script , was smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] pdb_set_profile_path: setting profile path , was smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] grant_privilege: S-1-1-0 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-544 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-548 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-549 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-550 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-551 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 account_policy_get: password history:0 smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] Opening cache file at /usr/local/uni-staff//var/locks/login_cache.tdb Looking up login cache for user nobody No cache entry found No cache entry, bad count = 0, bad time = 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups smbldap_search: base => [ou=groups,ou=filestore,dc=sunderland,dc=ac,dc=uk], filter => [(& (objectClass=posixGroup)(|(memberUid=nobody)(gidNumber=65533)))], scope => [2] primary group of [nobody] not found pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_user_groups_from_local_sam failed attempting to free (and zero) a server_info structure attempting to free (and zero) a server_info structure its now 23:10 localtime, would love to get this fixed for the start of business day tomorrow! :) Cheers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. ----- Original Message ----- From: Jeremy Allison <[EMAIL PROTECTED]> Date: Thursday, September 29, 2005 10:44 pm Subject: Re: [samba] ldapsam:trusted = yes kills smbd > On Thu, Sep 29, 2005 at 10:43:26PM +0100, Daniel Wilson wrote: > > Successfully added passdb backend 'guest' > > Attempting to find an passdb backend to match > > ldapsam:ldap://vila.sunderland.ac.uk (ldapsam) > > Found pdb backend ldapsam > > Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UNI- > STAFF))]> > > Breakpoint 1, 0x00000000005daa33 in smbldap_search () > > (gdb) > > (gdb) > > (gdb) n > > Single stepping until exit from function smbldap_search, > > which has no line number information. > > smbldap_search: base => [dc=sunderland,dc=ac,dc=uk], filter => [(& > > (objectClass=sambaDomain)(sambaDomainName=UNI-STAFF))], scope => [2] > > The connection to the LDAP server was closed > > smbldap_open_connection: ldap://vila.sunderland.ac.uk > > smbldap_open_connection: connection opened > > ldap_connect_system: Binding to ldap server > > ldap://vila.sunderland.ac.uk as "cn=Directory Manager" > > ldap_connect_system: succesful connection to the LDAP server > > ldap_connect_system: LDAP server does not support paged results > > (gdb) n > > Single stepping until exit from function pdb_getsampwsid, > > which has no line number information. > > 0x00000000005b5306 in make_new_server_info_guest () > > (gdb) n > > Single stepping until exit from function make_new_server_info_guest, > > which has no line number information. > > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > > [Thread debugging using libthread_db enabled] > > [New Thread 182909114432 (LWP 8489)] > > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > > NT user token: (NULL) > > UNIX token of user 0 > > Primary group is 0 and contains 0 supplementary groups > > [Switching to Thread 182909114432 (LWP 8489)] > > > > Breakpoint 1, 0x00000000005daa33 in smbldap_search () > > (gdb) n > > Single stepping until exit from function smbldap_search, > > which has no line number information. > > smbldap_search: base => > > [ou=groups,ou=filestore,dc=sunderland,dc=ac,dc=uk], filter => [(& > > > (objectClass=posixGroup)(|(memberUid=nobody)(gidNumber=65533)))], > > scope => [2] > > 0x0000000000559503 in ldapsam_enum_group_memberships () > > (gdb) n > > Single stepping until exit from function > > Single stepping until exit from function make_new_server_info_guest, > > which has no line number information. > > 0x00000000005b547d in init_guest_info () > > (gdb) n > > Single stepping until exit from function init_guest_info, > > which has no line number information. > > 0x00000000005dd880 in main () > > (gdb) n > > Single stepping until exit from function main, > > which has no line number information. > > Ok, you're exiting from main() here : > > if (!init_guest_info()) > return -1; > > which is an immediate termination. You seem to be connecting > to the LDAP server but it's failing to look up a guest user > when looking there. > > This : > > if (!pdb_getsampwsid(sampass, &guest_sid)) { > unbecome_root(); > return NT_STATUS_NO_SUCH_USER; > } > > is failing - it's looking for a user with sid : > > <global-sam-sid>-0x000001F5 > > where global-sam-sid is the domain sid of your domain. > Looks like you don't have this user set up on your ldap > server. > > Jeremy. > >
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
